Re: Failing GPG key
* Russ Allbery: " Re: Failing GPG key" (Tue, 09 Apr 2019 10:17:15 -0700):
> All discussion of the right way to handle keyring updates for a vote
> aside, this is a good reminder that one of the drawbacks of setting key
> expirations is that bumping the expiration date (or adding a new subkey)
> is a bit more involved than it may appear and takes a while to propagate.
>
> I bump the expiration date or generate a new subkey six months before the
> current one will expire, and immediately push the new one to both the
> general keyserver network and to keyring.debian.org. Since I started
> doing that, I've not had any problems; before that, I would occasionally
> have trouble uploading to the backports archive or other issues due to
> slower keyring updates. Unless you have a specific application in mind
> for a faster key expiration, I can recommend that practice as one that
> seems to avoid issues.
I will do exactly like you explained in the future. The time frames needed to
get seamless functionality are indeed substantially longer than I had expected
in the first place.
> (This is not to imply in any way that this is your fault. I found this
> aspect of things quite unintuitive myself.)
Thanks for the further aspects to keep in mind. As for me I *was* too late in
resetting the expiry. Shit happens. I don't think that will happen again;)
Cheers
Mathias
--
Mathias Behrle ✧ Debian Developer
PGP/GnuPG key availabable from any keyserver, ID: 0xD6D09BE48405BBF6
AC29 7E5C 46B9 D0B6 1C71 7681 D6D0 9BE4 8405 BBF6
Reply to: